问题
I have a bucket policy that I customized from the AWS S3 docs, instead of range of IP addresses, I changed it for just one IP. The bucket name is : www.joaquinamenabar.com. The IP address 66.175.217.48 corresponds to the sub-domain: https://letsdance.joaquinamenabar.com/
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::www.joaquinamenabar.com/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "66.175.217.48"},
"NotIpAddress": {"aws:SourceIp": "66.175.217.48"}
}
}
]
}
The files are not available for public. I generate links using aws-sdk that expires after some time. The problem is the link is accessible from any IP. It has been more than a week since I changed the configuration. The changes should have propagated by this time. Any ideas what is wrong with this configuration?
回答1:
It looks like the effect of this policy is to allow access from all IP's (66.175.217.48 and not 66.175.217.48). Remove the NotIpAddress specifier. I think you may need to specify the allowed Ip address in CIDR format too:
"IpAddress": {"aws:SourceIp": "66.175.217.48/32"}
来源:https://stackoverflow.com/questions/51350398/restricting-access-to-s3-to-a-specific-ip-address